Vulnerabilities > CVE-2000-0673 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
exploit available

Summary

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

Vulnerable Configurations

Part | Description | Count
OS | Microsoft | 3

Exploit-Db

description: Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability. CVE-2000-0673. Remote exploit for windows platform
id: EDB-ID:20106
last seen: 2016-02-02
modified: 2000-08-01
published: 2000-08-01
reporter: Sir Dystic
source: https://www.exploit-db.com/download/20106/
title: Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS00-047.NASL
description: The hotfix for the 'NetBIOS Name Server Protocol Spoofing' problem has not been applied.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10482
published: 2000-07-28
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10482
title: MS00-047: NetBIOS Name Server Protocol Spoofing patch (269239)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: taken only when `description` is true. It declares the
# plugin's identity, cross-references, scoring and prerequisites, then exits
# before any host check is performed.
if (description)
{
 script_id(10482);
 script_version("1.48");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # Cross-references that tie a finding back to the advisory sources.
 script_cve_id("CVE-2000-0673");
 script_bugtraq_id(1514, 1515);
 script_xref(name:"MSFT", value:"MS00-047");
 script_xref(name:"MSKB", value:"269239");

 script_name(english:"MS00-047: NetBIOS Name Server Protocol Spoofing patch (269239)");
 script_summary(english:"Determines whether the hotfix Q269239 is installed");

 # Human-readable finding text shown in reports.
 script_set_attribute(attribute:"synopsis", value:
"It is possible to spoof the NetBIOS name.");
 script_set_attribute(attribute:"description", value:
"The hotfix for the 'NetBIOS Name Server Protocol Spoofing' problem
has not been applied.

This vulnerability allows a malicious user to make this host think
that its name has already been taken on the network, thus preventing
it from functioning properly as an SMB server (or client).");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-047");
 # NOTE(review): the q299/4/44 path appears to be KB Q299444, the second hotfix
 # name the check below accepts as a fix. Confirm the link still resolves.
 script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/support/kb/articles/q299/4/44.asp");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT and 2000.");
 # Both base vectors describe a network-reachable, low-complexity issue that
 # needs no authentication/privileges and affects availability only.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 # Vulnerability and patch share a publication date. The plugin followed a day later.
 script_set_attribute(attribute:"vuln_publication_date", value:"2000/07/27");
 script_set_attribute(attribute:"patch_publication_date", value:"2000/07/27");
 script_set_attribute(attribute:"plugin_publication_date", value:"2000/07/28");

 # "local": the check outside this block reads hotfix and knowledge-base state
 # for the host. No NBNS traffic is generated by this script.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two named scripts and the KB key they are expected to set.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 # NOTE(review): a KB key is listed alongside the SMB ports 139/445, presumably so
 # the plugin can still run from patch-management data alone. Confirm.
 script_require_ports(139, 445, 'Host/patch_management_checks');
 # Registration ends here. Nothing after this block runs in this mode.
 exit(0);
}

include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");


# Patch-presence check for MS00-047. It relies on hotfix and knowledge-base
# data gathered for the host and does not test NBNS behaviour on the wire, so
# a "not affected" result means only that a fixing hotfix was recorded.

# Stop unless bulletin checks are flagged as possible for this target.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Identifiers used for reporting and for the patch-management path.
bulletin = 'MS00-047';
kb = "269239";
kbs = make_list(kb);

# If patch-management data is present, hand the bulletin/KB pair to that check.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
}

# The registry-based path needs an enumerated registry and a known Windows version.
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Version / service-pack gate (nt:7, win2k:2): a non-positive result is out of scope.
if (hotfix_check_sp(nt:7, win2k:2) <= 0)
{
  exit(0, "The host is not affected based on its version / service pack.");
}

# Either hotfix counts as the fix: the host is flagged only when Q299444 and
# Q269239 are both reported missing.
if (!(hotfix_missing(name:"Q299444") > 0 && hotfix_missing(name:"Q269239") > 0))
{
  exit(0, "The host is not affected.");
}

# Emit the bulletin/KB tag when the reporting helper exists in this engine.
if (defined_func("report_xml_tag") && !isnull(bulletin) && !isnull(kb))
{
  report_xml_tag(tag:bulletin, value:kb);
}

# Raise the finding and record the missing bulletin in the knowledge base.
hotfix_security_warning();
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
exit(0);